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CLAIMS 

1 . (Previously Presented) A method of detecting an intrusion at a node of a 
network, comprising: 

reading a first packet received by the node; 
determining a first signature of the first packet; 

comparing the first signature with a signature file comprising a first machine-readable 
logic representative of a first packet signature; 

reading a second packet generated by the node in response to reception of the first 

packet; 

determining a second signature of the second packet; 

comparing the second signature with the signature file further comprising a second 
machine-readable logic representative of second packet signature; and 

identifying the first packet as an intrusion if the first signature corresponds with the 
first machine readable logic and the second signature corresponds with the second machine 
readable logic. 

2. (Original) The method according to claim 1, further comprising executing a 
directive associated with the first machine readable logic upon determining the first signature 
corresponds with the first machine readable logic. 

3. (Original) The method according to claim 1, further comprising executing a 
directive associated with the second machine readable logic upon determining the second 
signature corresponds with the second machine readable logic. 

4. (Original) The method according to claim 3, wherein executing a directive 
associated with the second machine readable logic further comprises discarding the second 
packet. 

5. (Original) The method according to claim 4, wherein discarding the second 
packet further comprises discarding the packet at the network layer of the network stack of 
the node. 
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6. (Original) The method according to claim 1, wherein reading a second packet 
generated by the node in response to reception of the first packet further comprises reading a 
second packet generated by a network stack of an operating system of the node. 

7. (Previously Presented) A computer-readable medium having stored thereon a 
set of instructions to be executed, the set of instructions, when executed by a processor, cause 
the processor to perform a computer method of: 

reading a first packet; 

determining a first signature of the first packet; 

comparing the first signature with a first instruction set comprising a first set of 
machine readable logic representative of a first packet signature; 

reading a second packet generated in response to reception of the first packet; 
determining a second signature of the second packet; 

comparing the second signature with a second instruction set comprising a second set 
of machine readable logic representative of a second packet signature; and 

identifying the first packet as an intrusion if the first signature corresponds with the 
first set of machine readable logic and the second signature corresponds with the second set 
of machine readable logic. 

8. (Original) The computer-readable medium according to claim 7, further 
comprising an instruction set that, when executed by the processor, causes the processor to 
perform the computer method of executing, upon determining the first signature corresponds 
with the first instruction set, a directive comprised of machine-readable instructions, the first 
instruction set comprising the directive. 

9. (Original) The computer-readable medium according to claim 7, further 
comprising an instruction set that, when executed by the processor, causes the processor to 
perform the computer method of executing, upon determining the second signature 
corresponds with the second instruction set, a directive comprised of machine-readable 
instructions, the second instruction set comprising the directive. 
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10. (Original) The computer-readable medium according to claim 9, wherein 
executing a directive comprised of machine-readable instructions further comprises executing 
a directive that causes the processor to discard the second packet. 

1 1 . (Original) The computer-readable medium according to claim 1 0, wherein 
executing a directive that causes the processor to discard the second packet further comprises 
discarding a packet at a network layer of a network stack. 

12. (Original) The computer-readable medium according to claim 7, wherein 
comparing the first signature with a first instruction set comprising a first set of machine 
readable logic representative of a packet signature further comprises performing a binary 
pattern comparison with the first signature and the first set of machine readable logic. 

13. (Original) The computer-readable medium according to claim 7, wherein 
comparing the second signature with a second instruction set comprising a second set of 
machine readable logic representative of a packet signature further comprises performing a 
binary pattern comparison with the second signature and the second set of machine readable 
logic. 
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14. (Previously Presented) A node of a network operable to detect an intrusion 
thereof, comprising: 

a central processing unit; 

a memory module for storing data in machine readable format for retrieval and 
execution by a central processing unit; and 

an operating system comprising a network stack comprising a protocol driver, a media 
access control driver and a network filter service provider bound to the protocol driver and 
the media access control driver, the network filter service provider operable to receive a first 
packet and to determine a first signature of the first packet and compare the first signature 
with a first instruction set comprising a first set of machine readable logic representative of a 
first packet signature, the network filter service provider further operable to receive a second 
packet generated in response to receipt of the first packet and to determine a second signature 
of the second packet and compare the second signature with a second instruction set 
comprising a second set of machine readable logic representative of a second packet 
signature, the network filter service provider operable to identify the first packet as an 
intrusion if the first signature corresponds with the first set of machine readable logic and the 
second signature corresponds with the second set of machine readable logic 

15. (Previously Presented) The node according to claim 14, wherein the processor 
is operable to execute a directive causing the network filter service provider to discard the 
second packet. 

16. (Original) The node according to claim 14, wherein the first packet is 
received by the node and the second packet is generated by the node. 

17. (Original) The node according to claim 14, wherein the first packet is 
generated by the node and the second packet is received by the node. 

18. (Original) The node according to claim 14, wherein the network filter service 
provider further comprises a pattern matching algorithm, the comparison of the first signature 
with the first instruction set and the comparison of the second signature with the second 
instruction set performed by the pattern matching algorithm. 
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19. (Previously Presented) A method of detecting an intrusion at a node of a 
network, comprising: 

reading a response packet by the node, the response packet generated in response to 
reception of a first packet by the node; 

determining a signature of the response packet; 

comparing the signature with a signature file comprising a machine-readable logic 
representative of a packet signature; and 

identifying the first packet as an intrusion if the signature corresponds with the 
machine-readable logic. 

20. (Previously Presented) The method according to claim 19, wherein the 
response packet is received by the node. 

21 . (Previously Presented) The method according to claim 19, wherein the 
response packet is generated by the node. 

22. (Previously Presented) The method according to claim 19, further comprising 
determining that the first packet is a probe packet upon determining the signature corresponds 
with the machine-readable logic. 
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